CVE-2020-10688
Cross-site scripting in RESTEasy
CVSS 3.1: 5.4 (MEDIUM)
EPSS: 0.34%
Description
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
How to fix CVE-2020-10688
To remediate CVE-2020-10688, upgrade the affected package to a fixed version below.
- —no fix listed
- —upgrade to 3.11.1.Final or later
- —upgrade to 3.11.1.Final or later
Is CVE-2020-10688 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0
- from 0, < 3.11.1.Final
- from 0, < 3.11.1.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |